Today’s cybersecurity and technology landscape is complex. The hulking mainframes of older legacy technologies are in sharp contrast to the clouds above them – and it’s difficult to decide which systems to modernise first. Hybrid IT blends old and new models of risk management to make new value possible, without abandoning old investments.

During this first phase of digital data evolution, when data must move from one company to another, it goes from an application, through the OS to a storage device, out through networks to another company’s device, through its OS and into a new application. The points of vulnerability are somewhat limited to a few key network ports. Perimeter-based security requires engineers to create firewalls around the organisation. Generalist CTOs build architectures based on the bigger picture of how the network is secured against outside threats, while allowing information to flow to and from trusted partners. Then, IT managers control and allow access to certain zones of the network. Most organisations using this mode of cybersecurity rely on these limited internal roles to design and manage their cybersecurity strategy, and a few work with managed service providers to accomplish these goals, but such perimeter-based cybersecurity won’t be sufficient to carry organisations into the future. 

Data sharing is essential to the creation of new digital business products such as Web apps and mobile apps, which integrate customer information through an application programme interface (API). However, opening company data up is risky too, so IT leaders must balance the risk and reward of new digital business value with the cost of creating properly-secured systems. Currently, companies vary widely in their tolerance of innovative, peer-to-peer technologies and collaboration tools, resulting in a challenge to attract and retain ‘millennial’ workers, and innovate at the pace of digital-first companies disrupting traditional business. Innovation debt is a critical element of this equation. Deferred innovations create a ‘debt’ when the time to access those investments comes along and they aren’t there to support new offerings or reactions to competitors. Meanwhile, ‘legacy debts’ around older technologies arise as a talent issue. For example, many companies have modern Web interfaces that are linked to older mainframes for certain functions and newer, cloud-based systems for others. In the event of a breach or the deployment of a new application, engineers must be able maintain functionality of these hybrid systems with a broad skill set that is difficult to source.